Incident: Facebook Impersonating Users to Promote Content Without Consent

Published Date: 2013-01-25

Postmortem Analysis
Timeline 1. The software failure incident of Facebook 'impersonating' users to promote stories they've never seen to all their friends happened in January 2013. [Article 16465]
System 1. Facebook's Sponsored Stories ad product 2. Facebook's Related Posts feature
Responsible Organization 1. Facebook - The software failure incident was caused by Facebook's feature that recycled users' likes without their explicit consent, leading to their identities being linked to related content without their knowledge [16465].
Impacted Organization 1. Users on Facebook [16465]
Software Causes 1. The software cause of the failure incident reported in the news article was related to Facebook's feature that automatically attaches a user's 'Like' to new Related Post content without informing the user, leading to users being associated with content they may not want to be linked with [16465].
Non-software Causes 1. Lack of explicit consent from users for their likes to be used in Sponsored Stories on Facebook [16465] 2. Lack of transparency in informing users that their likes could be attached to unrelated content [16465] 3. Potential privacy violation by linking users' identities to Sponsored Stories without their approval [16465] 4. Accusations of impersonation of users without their consent by Facebook [16465]
Impacts 1. Users' likes were being recycled and attached to unrelated content without their knowledge or consent, potentially leading to embarrassment or damage to relationships [16465]. 2. Users' identities were being linked with content on Facebook that they may be entirely unaware of, let alone have endorsed, due to the Sponsored Stories feature [16465]. 3. The software failure incident led to accusations of Facebook impersonating its users without their consent, turning them into spokesmen for products without approval [16465]. 4. The incident raised concerns about privacy violations as users' identities were being used in Sponsored Stories ads without explicit permission [16465].
Preventions 1. Implementing clear and transparent communication to users about how their likes are being used and giving them the option to opt out could have prevented the software failure incident [16465]. 2. Conducting thorough user testing and feedback collection before implementing new features related to Sponsored Stories and Related Posts to ensure user consent and understanding [16465]. 3. Enhancing privacy controls and settings to allow users more control over how their information and likes are shared and used by advertisers on the platform [16465].
Fixes 1. Implement a clear notification system: Facebook should notify users when their 'Likes' are being attached to related content for promotional purposes. Users should have the option to consent or opt out of this feature [16465]. 2. Enhance user control: Provide users with more control over how their interactions are used for advertising purposes. This could include clearer settings for managing Sponsored Stories and Related Posts [16465].
References 1. Minneapolis-based developer Craig Condon [Article 16465] 2. Bernard Meisler on ReadWrite Social [Article 16465]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization, multiple_organization (a) The software failure incident related to Facebook 'impersonating' users to promote stories they've never seen to all their friends has happened again within the same organization. The incident involves Facebook recycling users' Likes and using them to promote 'Related Posts' about products and stories without the explicit consent of the users [16465]. (b) The software failure incident of Facebook 'impersonating' users has also been reported to have happened at other organizations or with their products and services. The article mentions a case where a Facebook user documented instances where friends had liked brands that seemed completely out of character, indicating a similar issue occurring beyond just Facebook [16465].
Phase (Design/Operation) design, operation (a) The software failure incident related to the design phase can be seen in the case of Facebook's Sponsored Stories feature. Users' likes were being recycled and attached to related content without their explicit consent or knowledge. This design flaw allowed advertisers to use users' likes to promote content that users may not have wanted to be linked with, leading to privacy concerns and potential damage to relationships [16465]. (b) The software failure incident related to the operation phase can be observed in how users' identities were being linked with content on Facebook that they may have been entirely unaware of or not endorsed. This operation flaw occurred as users' likes were being republished to their friends alongside posts about new products or content, potentially leading to misunderstandings or misrepresentations of users' preferences [16465].
Boundary (Internal/External) within_system (a) within_system: The software failure incident described in the articles is related to Facebook's feature of recycling users' Likes and using them to promote 'Related Posts' about products and stories without the explicit consent or knowledge of the users whose identities are being exploited [16465]. This failure is a result of how Facebook's system operates internally, specifically with its Sponsored Stories ad product, where users' Likes are attached to related content promoted to their friends as a 'Related Post' without their awareness or approval. The failure lies within the design and implementation of this feature within Facebook's system, leading to concerns about privacy violations and potential damage to relationships due to the unauthorized association of users with content they may not endorse or agree with.
Nature (Human/Non-human) human_actions (a) The software failure incident occurring due to non-human actions: The software failure incident in the articles is related to Facebook's feature of recycling users' Likes and using them to promote 'Related Posts' about products and stories without the explicit consent or knowledge of the users. This feature is part of Facebook's Sponsored Stories ad product where the 'Like' of a user can be attached to related content promoted to the user's friends as a 'Related Post' without the user's awareness. This process is completely invisible to the users whose identities are being exploited, and there is no indication to the user that their 'Like' is being attached to such related content [16465]. (b) The software failure incident occurring due to human actions: The failure in this case is primarily due to human actions, specifically the actions taken by Facebook in implementing and utilizing the feature that recycles users' Likes without their explicit consent. The decision to attach users' Likes to related content for promotional purposes, without informing the users or providing them with the option to opt out, is a human-driven action that has led to the software failure incident reported in the articles [16465].
Dimension (Hardware/Software) software (a) The articles do not mention any software failure incident related to hardware issues [16465]. (b) The software failure incident reported in the articles is related to Facebook's feature of recycling users' Likes and using them to promote 'Related Posts' about products and stories without the explicit consent or knowledge of the users. This issue originates in the software design and implementation of Facebook's Sponsored Stories ad product, where users' identities are linked with content they may not have endorsed or even seen [16465].
Objective (Malicious/Non-malicious) non-malicious (a) The software failure incident described in the articles can be categorized as non-malicious. The incident involves Facebook being accused of 'impersonating' its users without their consent to promote 'Related Posts' about products and stories with which they may not want to be linked. Users' Likes are being recycled and attached to related content without their explicit consent or knowledge, leading to potential damage to relationships and privacy concerns [16465]. The failure is not due to malicious intent but rather a controversial feature of Facebook's Sponsored Stories ad product.
Intent (Poor/Accidental Decisions) poor_decisions (a) The intent of the software failure incident: The software failure incident related to Facebook's 'impersonating' users to promote stories they've never seen to all their friends can be attributed to poor decisions made by Facebook. The incident involved Facebook recycling users' Likes without their explicit consent to promote 'Related Posts' about products and stories with which they may not want to be linked [16465]. This practice of attaching a user's 'Like' to related content without informing them or obtaining their consent can be seen as a poor decision on Facebook's part, leading to user dissatisfaction and privacy concerns.
Capability (Incompetence/Accidental) development_incompetence, accidental (a) The software failure incident related to development incompetence is evident in the article as Facebook was accused of 'impersonating' its users 'without their consent' to promote items in the news feeds of their friends. Critics claimed that Facebook was recycling users' Likes and using them to promote 'Related Posts' about products and stories with which users may not want to be associated [16465]. (b) The software failure incident related to accidental factors is highlighted in the article where Facebook mentioned that in some cases, people may have liked things they were linked to accidentally, perhaps by inadvertently pressing a button on the mobile app. Additionally, Facebook mentioned that in the case of deceased individuals liking things, it could be that the social network was recycling likes from when they were still alive [16465].
Duration temporary The software failure incident described in the articles can be categorized as a temporary failure. This is evident from the fact that the incident was related to Facebook's feature of recycling users' Likes and using them to promote 'Related Posts' about products and stories without the explicit consent or knowledge of the users [16465]. The incident was not a permanent failure but rather a specific issue related to how Facebook's Sponsored Stories ad product was utilizing users' interactions on the platform to promote content to their friends without their full awareness or approval.
Behaviour omission, other (a) crash: The software failure incident described in the articles does not involve a crash where the system loses state and stops performing its intended functions. (b) omission: The software failure incident can be categorized under omission. Facebook was accused of recycling users' Likes without their consent and using them to promote 'Related Posts' about products and stories with which the users may not want to be linked. This omission of informing users about attaching their Likes to related content led to the failure incident [16465]. (c) timing: The software failure incident is not related to timing issues where the system performs its intended functions but at the wrong time. (d) value: The software failure incident does not involve the system performing its intended functions incorrectly. (e) byzantine: The software failure incident does not exhibit byzantine behavior where the system behaves erroneously with inconsistent responses and interactions. (f) other: The behavior of the software failure incident can be described as unauthorized and deceptive behavior by Facebook, where users' identities were exploited without their explicit consent to endorse items in the news feeds of their friends. This behavior goes beyond just advertising on a user's behalf and can potentially damage relationships by associating users with inappropriate content or information they do not agree with [16465].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence theoretical_consequence (a) death: People lost their lives due to the software failure - The article mentions a case where in some instances, users have seen items 'liked' by friends and relatives who are actually no longer alive [16465]. (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The article discusses the potential theoretical consequence of damaging relationships due to Facebook's feature of recycling likes without users' explicit consent, which could lead to friends and family thinking the user likes inappropriate content or information they don't agree with, potentially causing harm to relationships [16465].
Domain information (a) The failed system in this incident is related to the information industry as it involves the production and distribution of information on Facebook's platform. The software failure incident revolves around Facebook's practice of recycling users' likes without their explicit consent to promote related content to their friends [Article 16465].

Sources

Back to List